Keep loosing WAN IP Address - dhclient does not seem to do update
-
from the Clavister site:
Symptom:
The firewall fails to receive an IP address from DHCP.Note: The swedish ISP Telia has some servers that causes problems with the default settings. Changing the settings to the following is known to work in those cases:
DHCP_MinimumLeaseTime 60
DHCP_ValidateBcast NO
DHCP_AllowGlobalBcast YES
DHCP_UseLinkLocalIP NO
DHCP_DisableArpOnOffer NO -
This is what i found about the options mentioned above:
DHCP_MinimumLeaseTime
Minimum lease time (seconds) accepted from the DHCP server.Default: 60
DHCP_ValidateBcast
Require that the assigned broadcast address is the highest address in the assigned networkDefault: Enabled
DHCP_AllowGlobalBcast
Allow DHCP server to assign 255.255.255.255 as broadcast. (Non-standard.)Default: Disabled
DHCP_UseLinkLocalIP
If this is enabled the firewall will use a Link Local IP (169.254..) instead of 0.0.0.0 while waiting for a lease.Default: Disabled
DHCP_DisableArpOnOffer
Disable the arp check done by the firewall on the offered IP.DHCP client can now be configured to not check for IP conflicts
Issue: The DHCP client normally checks if the IP address in an offer is already taken on the local network by performing an ARP query for it. However, some routers may ARP publish IP addresses while the DHCP transaction is running and cause false positives. One such example is the Clavister Firewall DHCP relayer before v8.30.01, in certain configurations. There are also others.
Change: As of v8.30.01, the DHCP client can be configured to not check for IP conflicts in offered leases via "Advanced Settings" -> "DHCP" -> "DHCP_DisableArpOnOffer".Default: Disabled
The default settings in advanced settings->DHCP client is following:
DHCP_MinimumLeaseTime 60
DHCP_ValidateBcast YES
DHCP_AllowGlobalBcast NO
DHCP_UseLinkLocalIP NO
DHCP_DisableArpOnOffer NOHowever. To have the firewall accept uncommon IP offers you might have to make adjustments on the settings.
DHCP_MinimumLeaseTime 60
DHCP_ValidateBcast NO
DHCP_AllowGlobalBcast YES
DHCP_UseLinkLocalIP NO
DHCP_DisableArpOnOffer YESAnd then there is the one that sai posted about Clavister and TeliaSonera.
-
so the problem is a isp that is having its dhcp server miss configured
shame on them -
My problem was solved.
I have a uptime with 17 days.
Thanks.
-
Hi all! It happened for me again today.
Can someone help me confirm if the behaviour (below) is expected and that the ISP (Telia) might be blamed for missconfigured DHCP servers.
My system:
1.0.1-SNAPSHOT-03-23-2007
built on Mon Mar 26 21:03:58 EDT 20071. Reboot PFSense box
2. I get an IP on WAN from ISP
3. After several hours (approx 12) I loose IP on WAN.
4. Pressing "renew" on WAN interface will render me an new IP
5. I will get uptimes over several days until the next reboot and it starts from point 1 again.Taken from system log:
Mar 28 11:57:58 dhclient: New Subnet Mask (vr0): 255.255.255.0
Mar 28 11:57:58 dhclient: New Broadcast Address (vr0): XX.YY.ZZ.255
Mar 28 11:57:58 dhclient: New Routers (vr0): XX.YY.ZZ.1
Mar 28 11:57:58 dhclient: Adding new routes
Mar 28 11:57:58 dhclient: /sbin/route add default XX.YY.ZZ.1
Mar 28 11:57:58 dhclient: Creating resolv.conf
Mar 28 11:57:59 dhclient: notify_rc_newwanip()
Mar 28 11:57:59 dhclient[328]: bound to XX.YY.ZZ.196 – renewal in 600 seconds.
Mar 28 12:07:58 dhclient[328]: DHCPREQUEST on vr0 to 212.181.166.82 port 67
Mar 28 12:16:45 dhclient[328]: DHCPREQUEST on vr0 to 255.255.255.255 port 67
Mar 28 12:16:45 dhclient[328]: DHCPACK from 81.231.254.1
Mar 28 12:16:45 dhclient[328]: short write: wanted 21 got 0 bytes
Mar 28 12:16:45 dhclient[328]: short write: wanted 21 got 0 bytes
Mar 28 12:16:45 dhclient[328]: exiting.
Mar 28 12:16:45 dhclient[328]: exiting.
Mar 28 12:39:23 dhclient: netstat
Mar 28 12:39:23 dhclient: PREINIT
Mar 28 12:39:23 dhclient: netstat
Mar 28 12:39:23 dhclient: EXPIRE
Mar 28 12:39:23 dhclient: Deleting old routes
Mar 28 12:39:23 dhclient: netstat
Mar 28 12:39:23 dhclient: PREINIT
Mar 28 12:39:23 dhclient[17151]: DHCPDISCOVER on vr0 to 255.255.255.255 port 67 interval 4
Mar 28 12:39:24 dhclient[17151]: DHCPOFFER from 81.231.254.1
Mar 28 12:39:24 dhclient: netstat
Mar 28 12:39:24 dhclient: ARPSEND
Mar 28 12:39:26 dhclient: netstat
Mar 28 12:39:26 dhclient: ARPCHECK
Mar 28 12:39:26 dhclient[17151]: DHCPREQUEST on vr0 to 255.255.255.255 port 67
Mar 28 12:39:26 dhclient[17151]: DHCPACK from 81.231.254.1
Mar 28 12:39:26 dhclient: netstat
Mar 28 12:39:26 dhclient: BOUND
Mar 28 12:39:26 dhclient: Starting add_new_address()
Mar 28 12:39:27 dhclient: ifconfig vr0 inet XX.YY.ZZ.196 netmask 255.255.255.0 broadcast XX.YY.ZZ.255
Mar 28 12:39:27 dhclient: New IP Address (vr0): XX.YY.ZZ.196
Mar 28 12:39:27 dhclient: New Subnet Mask (vr0): 255.255.255.0
Mar 28 12:39:27 dhclient: New Broadcast Address (vr0): XX.YY.ZZ.255
Mar 28 12:39:27 dhclient: New Routers (vr0): XX.YY.ZZ.1
Mar 28 12:39:27 dhclient: Adding new routes
Mar 28 12:39:27 dhclient: /sbin/route add default XX.YY.ZZ.1
Mar 28 12:39:27 dhclient: Creating resolv.conf
Mar 28 12:39:27 dhclient: notify_rc_newwanip()
Mar 28 12:39:27 dhclient[17151]: bound to XX.YY.ZZ.196 – renewal in 600 seconds.
Mar 28 12:49:26 dhclient[17248]: DHCPREQUEST on vr0 to 212.181.166.82 port 67
Mar 28 12:57:05 dhclient[17248]: DHCPREQUEST on vr0 to 255.255.255.255 port 67
Mar 28 12:57:05 dhclient[17248]: DHCPACK from 81.231.254.1
Mar 28 12:57:05 dhclient: netstat
Mar 28 12:57:05 dhclient: RENEW
Mar 28 12:57:05 dhclient: Creating resolv.conf
Mar 28 12:57:06 dhclient[17248]: bound to XX.YY.ZZ.196 – renewal in 600 seconds.If the problem is confirmed to be the ISP i would need help with some additional information on how to lay out the words to make them understand the problem and what in there DHCP server configuration might be wrong.
Regards,
UrbanSk
-
The issue with telia is that their dhcp dont answer all the time, if you got an D-Link DI-604 and the dhcp dont reply the DI-604 will release the ip, there for the short write in pfsense/freebsd?
-
I have exactly the same problem with telia.
The problem is with the configuration of the new equipment in the telestations. (Adsl 2+ ip based) The old equipment (up to 8Mbit, atm based) works fine.
The problem startet for me when I upgraded from 8 to 24 Mbit.
The problem as I see it is that the DHCP server stops answering at a certain time. It just doesn't answer. Then at last dhclient sends out a broadcast and another DHCP server answers with an IP. This never worked out for me so I switched back to the old system with only 8 Mbit… Here a log over what happens:
Jun 15 19:38:20 asterisk1 dhclient: DHCPREQUEST on eth0 to 62.20.251.18 port 67
Jun 15 19:38:20 asterisk1 dhclient: DHCPACK from 62.20.251.18
Jun 15 19:38:20 asterisk1 dhclient: bound to 81.233.XXX.XXX -- renewal in 566 seconds.
Jun 15 19:47:46 asterisk1 dhclient: DHCPREQUEST on eth0 to 62.20.251.18 port 67
Jun 15 19:48:22 asterisk1 last message repeated 4 times
Jun 15 19:48:57 asterisk1 last message repeated 2 times
Jun 15 19:49:25 asterisk1 dhclient: DHCPREQUEST on eth0 to 62.20.251.18 port 67
Jun 15 19:50:05 asterisk1 dhclient: DHCPREQUEST on eth0 to 62.20.251.18 port 67
Jun 15 19:51:44 asterisk1 last message repeated 2 times
Jun 15 19:53:57 asterisk1 dhclient: DHCPREQUEST on eth0 to 62.20.251.18 port 67
Jun 15 19:54:40 asterisk1 dhclient: DHCPREQUEST on eth0 to 62.20.251.18 port 67
Jun 15 19:55:32 asterisk1 last message repeated 2 times
Jun 15 19:56:28 asterisk1 dhclient: DHCPREQUEST on eth0 to 255.255.255.255 port 67
Jun 15 19:56:28 asterisk1 dhclient: DHCPACK from 81.232.98.1
Jun 15 19:56:28 asterisk1 dhclient: bound to 81.233.XXX.XXX -- renewal in 527 seconds.Clearly at 19:47:46 the server at 62.20.251.18 stops answering requests. Then finally at 19:56:28 a broadcast is sent out and 81.232.98.1 answers with an IP... During these periods internet does not work.
I guess it would work fine if the requests were send as broadcasts all the time. Is there a possibility to make dhclient broadcast all requests instead of sending them to the specific dhcpserver?
-
It should fall back to a broadcast before it drops the previous IP, per the DHCP RFC. If it's still not doing that, we still have a problem.
-
I got a suggestion on another forum where I brought up this problem. Somebody had the same problem as I did and he solved it by rejecting the offers from one of the dhcp servers. In my case it would probably be the one that stops responding.
This is done by putting following code into dhclient.confreject <dhcpserver-ip-adress>;
The reject statement causes the DHCP client to reject offers from
servers who use the specified address as a server identifier.
This can be used to avoid being configured by rogue or misconfig-
ured DHCP servers, although it should be a last resort - better
to track down the bad DHCP server and fix it.I have no possibility to verify or even test this suggestion since I'm no longer hooked up to the service where I experienced the problems. Bud if somebody tests this and verifies that it works, please write here and I'll be happy to upgrade to the higher speed again (:</dhcpserver-ip-adress>
-
I got a suggestion on another forum where I brought up this problem. Somebody had the same problem as I did and he solved it by rejecting the offers from one of the dhcp servers. In my case it would probably be the one that stops responding.
This is done by putting following code into dhclient.confreject <dhcpserver-ip-adress>;
The reject statement causes the DHCP client to reject offers from
servers who use the specified address as a server identifier.
This can be used to avoid being configured by rogue or misconfig-
ured DHCP servers, although it should be a last resort - better
to track down the bad DHCP server and fix it.I have no possibility to verify or even test this suggestion since I'm no longer hooked up to the service where I experienced the problems. Bud if somebody tests this and verifies that it works, please write here and I'll be happy to upgrade to the higher speed again (:</dhcpserver-ip-adress>
Call your ISP… You should not need to do this!
-
I got a suggestion on another forum where I brought up this problem. Somebody had the same problem as I did and he solved it by rejecting the offers from one of the dhcp servers. In my case it would probably be the one that stops responding.
This is done by putting following code into dhclient.confreject <dhcpserver-ip-adress>;
The reject statement causes the DHCP client to reject offers from
servers who use the specified address as a server identifier.
This can be used to avoid being configured by rogue or misconfig-
ured DHCP servers, although it should be a last resort - better
to track down the bad DHCP server and fix it.I have no possibility to verify or even test this suggestion since I'm no longer hooked up to the service where I experienced the problems. Bud if somebody tests this and verifies that it works, please write here and I'll be happy to upgrade to the higher speed again (:</dhcpserver-ip-adress>
Call your ISP… You should not need to do this!
Yeah that's completely outrageous, no way should you ever have to do that under any circumstances.
-
I am also seeing this every time when running in VMWARE.
Every time it's time for renewal to DHCP it fails and I see the same printouts in my log as shown in this thread.- I have tried both normal auto-bridge and also standalone bridge to separate VMNet,
- I have tried different NICs.
- I have also tried to use either vmxnet or e1000 .virtualDev
- Have tried to disable rx/tx offloading.
BUT always the same result.
As a test, I then tried 2 Linux-based routers in VMWare with exact same setup (Smoothwall Express 3.0beta and IPCop 1.4.15)
and they worked flawlessly for hours and hours. (same HW, same NIC, same cables, same VMWare-setup but the GuestSystemOS setting set appropriate)If this would have been entirely DHCP-server missconfiguration fault, then I should have seen problems in all OS.
I think it is a combination with the new DHCLIENT (from OpenBSD).I have seen other forums that also have seen problems with DHCLIENT (taken from OpenBSD) in FreeBSD 6 and they where going
back to the original ISC which worked much better. Could someone please investigate this please.IPCop is using "dhcpcd" (DHCP Client Daemon v.1.3.22-pl4) (but as said, this is a Linux 2.4.x based system)
Best regards
Dan Lundqvist
Stockholm, Sweden -
We cannot go back to ISC's client as we utilize multiple wans.
This thread is far too old. Closing.